PDA

View Full Version : RFID cloning



Dr Mordrid
25th July 2006, 16:39
http://cq.cx/verichip.pl


Demo: Cloning a Verichip

In Brief: Verichip markets their product for access control. This means that you could have a chip implanted, and then your front door would unlock when your shoulder got close to the reader. Let us imagine that you did this; then, I could sit next to you on the subway, and read your chip's ID. This takes less than a second. At this point I can break in to your house, by replaying that ID. So now you have to change your ID; but as far as I know, you cannot do this without surgery.

All of this relates to an article that Annalee Newitz wrote for Wired. I would not have looked at these parts otherwise; the Verichip is built with no attempt at security, and is therefore not very special to clone. The designers of this product must be aware that an attack like I outline below is possible. But, Reuters quoted ‘VeriChip spokesman’ John Procter as saying that:

‘We can't verify what they [Annalee and I] may or may not have done....We haven't seen any first-hand evidence other than what's been reported in the media.’ (Sat Jul 22, 2006)

This is just silly. The Verichip is a repurposed dog tag; there is no reason (counterfeit housepets?) why it would have been designed with any security features, and in fact it was not. Their own technical staff—or failing that, the technical staff of the company that sells them the tags—can tell them this, with or without me.